c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe
Size

184KB
MD5

8a3988949e2361de14ff20b9b36093e5
SHA1

15a9d5ddae6c25200fc25924b5e181db1aa5102a
SHA256

c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6
SHA512

4204fb0ab5af1164e8c89c1ae19d5fc7cfdbee4882b44343099d6de6b64b4ca8bbd904361a26de93752c13d44135040b343f61717b3cf6ba4eb299d945a3fc7c
SSDEEP

3072:MNMPjIolllHIdVeieguLiwPIIKN/zJfhP+tZB5q+UZXhlnVOF:MNTox0VeJLrPIIWGKlhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-18107.exeUnicorn-46446.exeUnicorn-10244.exeUnicorn-58413.exeUnicorn-5683.exeUnicorn-25549.exeUnicorn-45624.exeUnicorn-58431.exeUnicorn-29096.exeUnicorn-9230.exeUnicorn-12759.exeUnicorn-44327.exeUnicorn-7933.exeUnicorn-59895.exeUnicorn-30238.exeUnicorn-30238.exeUnicorn-10372.exeUnicorn-27514.exeUnicorn-40320.exeUnicorn-60186.exeUnicorn-39059.exeUnicorn-58541.exeUnicorn-5811.exeUnicorn-10217.exeUnicorn-25027.exeUnicorn-28557.exeUnicorn-12028.exeUnicorn-41363.exeUnicorn-19289.exeUnicorn-32095.exeUnicorn-2568.exeUnicorn-2568.exeUnicorn-31903.exeUnicorn-13751.exeUnicorn-59039.exeUnicorn-13367.exeUnicorn-32584.exeUnicorn-48536.exeUnicorn-32008.exeUnicorn-61343.exeUnicorn-61343.exeUnicorn-15672.exeUnicorn-44815.exeUnicorn-64680.exeUnicorn-27364.exeUnicorn-56507.exeUnicorn-9766.exeUnicorn-60887.exeUnicorn-8157.exeUnicorn-44359.exeUnicorn-11302.exeUnicorn-14125.exeUnicorn-23725.exeUnicorn-10726.exeUnicorn-46471.exeUnicorn-29943.exeUnicorn-10077.exeUnicorn-42749.exeUnicorn-13092.exeUnicorn-16238.exeUnicorn-65438.exeUnicorn-65438.exeUnicorn-12708.exeUnicorn-16046.exe

pid	process
1700	Unicorn-18107.exe
1144	Unicorn-46446.exe
2560	Unicorn-10244.exe
2556	Unicorn-58413.exe
2480	Unicorn-5683.exe
2568	Unicorn-25549.exe
1600	Unicorn-45624.exe
1992	Unicorn-58431.exe
2920	Unicorn-29096.exe
2816	Unicorn-9230.exe
1528	Unicorn-12759.exe
1004	Unicorn-44327.exe
1448	Unicorn-7933.exe
2064	Unicorn-59895.exe
2224	Unicorn-30238.exe
2888	Unicorn-30238.exe
2212	Unicorn-10372.exe
1512	Unicorn-27514.exe
1812	Unicorn-40320.exe
2164	Unicorn-60186.exe
2120	Unicorn-39059.exe
1952	Unicorn-58541.exe
956	Unicorn-5811.exe
2908	Unicorn-10217.exe
320	Unicorn-25027.exe
1844	Unicorn-28557.exe
2336	Unicorn-12028.exe
1776	Unicorn-41363.exe
548	Unicorn-19289.exe
2188	Unicorn-32095.exe
1096	Unicorn-2568.exe
1956	Unicorn-2568.exe
2536	Unicorn-31903.exe
2640	Unicorn-13751.exe
2456	Unicorn-59039.exe
2488	Unicorn-13367.exe
1688	Unicorn-32584.exe
2380	Unicorn-48536.exe
2828	Unicorn-32008.exe
2520	Unicorn-61343.exe
2532	Unicorn-61343.exe
2728	Unicorn-15672.exe
1944	Unicorn-44815.exe
1940	Unicorn-64680.exe
1288	Unicorn-27364.exe
2056	Unicorn-56507.exe
2664	Unicorn-9766.exe
1796	Unicorn-60887.exe
1016	Unicorn-8157.exe
2116	Unicorn-44359.exe
1596	Unicorn-11302.exe
1000	Unicorn-14125.exe
1784	Unicorn-23725.exe
2268	Unicorn-10726.exe
600	Unicorn-46471.exe
1504	Unicorn-29943.exe
1708	Unicorn-10077.exe
2968	Unicorn-42749.exe
2352	Unicorn-13092.exe
2072	Unicorn-16238.exe
2648	Unicorn-65438.exe
2800	Unicorn-65438.exe
2428	Unicorn-12708.exe
2496	Unicorn-16046.exe

Loads dropped DLL 64 IoCs

Processes:

c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exeUnicorn-18107.exeUnicorn-10244.exeUnicorn-46446.exeWerFault.exeUnicorn-58413.exeUnicorn-25549.exeUnicorn-5683.exeWerFault.exeWerFault.exeUnicorn-45624.exeUnicorn-29096.exeUnicorn-58431.exeUnicorn-9230.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-7933.exeUnicorn-44327.exeUnicorn-12759.exeUnicorn-30238.exe

pid	process
2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe
2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe
1700	Unicorn-18107.exe
1700	Unicorn-18107.exe
2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe
2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe
2560	Unicorn-10244.exe
2560	Unicorn-10244.exe
1700	Unicorn-18107.exe
1144	Unicorn-46446.exe
1700	Unicorn-18107.exe
1144	Unicorn-46446.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2556	Unicorn-58413.exe
2556	Unicorn-58413.exe
2560	Unicorn-10244.exe
2568	Unicorn-25549.exe
1144	Unicorn-46446.exe
2560	Unicorn-10244.exe
2568	Unicorn-25549.exe
1144	Unicorn-46446.exe
2480	Unicorn-5683.exe
2480	Unicorn-5683.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
1600	Unicorn-45624.exe
2556	Unicorn-58413.exe
1600	Unicorn-45624.exe
2556	Unicorn-58413.exe
2920	Unicorn-29096.exe
1992	Unicorn-58431.exe
2920	Unicorn-29096.exe
2816	Unicorn-9230.exe
1992	Unicorn-58431.exe
2816	Unicorn-9230.exe
2568	Unicorn-25549.exe
2568	Unicorn-25549.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
588	WerFault.exe
588	WerFault.exe
620	WerFault.exe
620	WerFault.exe
588	WerFault.exe
620	WerFault.exe
1448	Unicorn-7933.exe
1448	Unicorn-7933.exe
1600	Unicorn-45624.exe
1600	Unicorn-45624.exe
1004	Unicorn-44327.exe
1004	Unicorn-44327.exe
1528	Unicorn-12759.exe
1528	Unicorn-12759.exe
2224	Unicorn-30238.exe
2224	Unicorn-30238.exe
1992	Unicorn-58431.exe
1992	Unicorn-58431.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2584	2208	WerFault.exe	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe
2476	1700	WerFault.exe	Unicorn-18107.exe
2492	2560	WerFault.exe	Unicorn-10244.exe
2760	1144	WerFault.exe	Unicorn-46446.exe
596	2556	WerFault.exe	Unicorn-58413.exe
588	2568	WerFault.exe	Unicorn-25549.exe
620	2480	WerFault.exe	Unicorn-5683.exe
1712	1600	WerFault.exe	Unicorn-45624.exe
1748	2920	WerFault.exe	Unicorn-29096.exe
2356	1528	WerFault.exe	Unicorn-12759.exe
2516	1992	WerFault.exe	Unicorn-58431.exe
400	2816	WerFault.exe	Unicorn-9230.exe
1920	1776	WerFault.exe	Unicorn-41363.exe
2420	1448	WerFault.exe	Unicorn-7933.exe
384	1004	WerFault.exe	Unicorn-44327.exe
2372	2224	WerFault.exe	Unicorn-30238.exe
1396	2064	WerFault.exe	Unicorn-59895.exe
480	2212	WerFault.exe	Unicorn-10372.exe
448	2888	WerFault.exe	Unicorn-30238.exe
1760	1512	WerFault.exe	Unicorn-27514.exe
2080	2164	WerFault.exe	Unicorn-60186.exe
820	1812	WerFault.exe	Unicorn-40320.exe
2216	2120	WerFault.exe	Unicorn-39059.exe
2500	1952	WerFault.exe	Unicorn-58541.exe
2360	956	WerFault.exe	Unicorn-5811.exe
1508	2336	WerFault.exe	Unicorn-12028.exe
2296	1844	WerFault.exe	Unicorn-28557.exe
1584	2908	WerFault.exe	Unicorn-10217.exe
1592	320	WerFault.exe	Unicorn-25027.exe
2452	2072	WerFault.exe	Unicorn-16238.exe
876	2800	WerFault.exe	Unicorn-65438.exe
2508	2648	WerFault.exe	Unicorn-65438.exe
576	548	WerFault.exe	Unicorn-19289.exe
2152	2188	WerFault.exe	Unicorn-32095.exe
2304	1096	WerFault.exe	Unicorn-2568.exe
1716	1956	WerFault.exe	Unicorn-2568.exe
2552	2456	WerFault.exe	Unicorn-59039.exe
2388	1688	WerFault.exe	Unicorn-32584.exe
2536	2640	WerFault.exe	Unicorn-13751.exe
3080	2488	WerFault.exe	Unicorn-13367.exe
3128	2828	WerFault.exe	Unicorn-32008.exe
3136	2532	WerFault.exe	Unicorn-61343.exe
3160	2380	WerFault.exe	Unicorn-48536.exe
3176	1940	WerFault.exe	Unicorn-64680.exe
3168	2520	WerFault.exe	Unicorn-61343.exe
3208	2728	WerFault.exe	Unicorn-15672.exe
3216	1944	WerFault.exe	Unicorn-44815.exe
4068	1288	WerFault.exe	Unicorn-27364.exe
4080	2056	WerFault.exe	Unicorn-56507.exe
3308	2664	WerFault.exe	Unicorn-9766.exe
3564	1796	WerFault.exe	Unicorn-60887.exe
3744	1596	WerFault.exe	Unicorn-11302.exe
3728	1708	WerFault.exe	Unicorn-10077.exe
3788	2968	WerFault.exe	Unicorn-42749.exe
3816	3420	WerFault.exe	Unicorn-7159.exe
3412	1744	WerFault.exe	Unicorn-32726.exe
3552	2128	WerFault.exe	Unicorn-52592.exe
3820	2992	WerFault.exe	Unicorn-65246.exe
4112	1784	WerFault.exe	Unicorn-23725.exe
4136	540	WerFault.exe	Unicorn-20797.exe
4176	1652	WerFault.exe	Unicorn-38725.exe
4196	2792	WerFault.exe	Unicorn-6188.exe
4204	2496	WerFault.exe	Unicorn-16046.exe
4232	2604	WerFault.exe	Unicorn-38861.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exeUnicorn-18107.exeUnicorn-46446.exeUnicorn-10244.exeUnicorn-58413.exeUnicorn-5683.exeUnicorn-25549.exeUnicorn-45624.exeUnicorn-29096.exeUnicorn-12759.exeUnicorn-9230.exeUnicorn-58431.exeUnicorn-44327.exeUnicorn-7933.exeUnicorn-30238.exeUnicorn-59895.exeUnicorn-30238.exeUnicorn-10372.exeUnicorn-27514.exeUnicorn-40320.exeUnicorn-60186.exeUnicorn-39059.exeUnicorn-58541.exeUnicorn-5811.exeUnicorn-10217.exeUnicorn-25027.exeUnicorn-28557.exeUnicorn-12028.exeUnicorn-41363.exeUnicorn-19289.exeUnicorn-32095.exeUnicorn-2568.exeUnicorn-2568.exeUnicorn-31903.exeUnicorn-13751.exeUnicorn-13367.exeUnicorn-59039.exeUnicorn-32584.exeUnicorn-48536.exeUnicorn-61343.exeUnicorn-32008.exeUnicorn-15672.exeUnicorn-44815.exeUnicorn-61343.exeUnicorn-64680.exeUnicorn-27364.exeUnicorn-56507.exeUnicorn-9766.exeUnicorn-60887.exeUnicorn-8157.exeUnicorn-44359.exeUnicorn-11302.exeUnicorn-14125.exeUnicorn-23725.exeUnicorn-10726.exeUnicorn-46471.exeUnicorn-10077.exeUnicorn-29943.exeUnicorn-13092.exeUnicorn-16238.exeUnicorn-65438.exeUnicorn-65438.exeUnicorn-12708.exeUnicorn-16046.exe

pid	process
2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe
1700	Unicorn-18107.exe
1144	Unicorn-46446.exe
2560	Unicorn-10244.exe
2556	Unicorn-58413.exe
2480	Unicorn-5683.exe
2568	Unicorn-25549.exe
1600	Unicorn-45624.exe
2920	Unicorn-29096.exe
1528	Unicorn-12759.exe
2816	Unicorn-9230.exe
1992	Unicorn-58431.exe
1004	Unicorn-44327.exe
1448	Unicorn-7933.exe
2224	Unicorn-30238.exe
2064	Unicorn-59895.exe
2888	Unicorn-30238.exe
2212	Unicorn-10372.exe
1512	Unicorn-27514.exe
1812	Unicorn-40320.exe
2164	Unicorn-60186.exe
2120	Unicorn-39059.exe
1952	Unicorn-58541.exe
956	Unicorn-5811.exe
2908	Unicorn-10217.exe
320	Unicorn-25027.exe
1844	Unicorn-28557.exe
2336	Unicorn-12028.exe
1776	Unicorn-41363.exe
548	Unicorn-19289.exe
2188	Unicorn-32095.exe
1096	Unicorn-2568.exe
1956	Unicorn-2568.exe
2536	Unicorn-31903.exe
2640	Unicorn-13751.exe
2488	Unicorn-13367.exe
2456	Unicorn-59039.exe
1688	Unicorn-32584.exe
2380	Unicorn-48536.exe
2520	Unicorn-61343.exe
2828	Unicorn-32008.exe
2728	Unicorn-15672.exe
1944	Unicorn-44815.exe
2532	Unicorn-61343.exe
1940	Unicorn-64680.exe
1288	Unicorn-27364.exe
2056	Unicorn-56507.exe
2664	Unicorn-9766.exe
1796	Unicorn-60887.exe
1016	Unicorn-8157.exe
2116	Unicorn-44359.exe
1596	Unicorn-11302.exe
1000	Unicorn-14125.exe
1784	Unicorn-23725.exe
2268	Unicorn-10726.exe
600	Unicorn-46471.exe
1708	Unicorn-10077.exe
1504	Unicorn-29943.exe
2352	Unicorn-13092.exe
2072	Unicorn-16238.exe
2648	Unicorn-65438.exe
2800	Unicorn-65438.exe
2428	Unicorn-12708.exe
2496	Unicorn-16046.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exeUnicorn-18107.exeUnicorn-10244.exeUnicorn-46446.exeUnicorn-58413.exeUnicorn-25549.exeUnicorn-5683.exeUnicorn-45624.exe

description	pid	process	target process
PID 2208 wrote to memory of 1700	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	Unicorn-18107.exe
PID 2208 wrote to memory of 1700	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	Unicorn-18107.exe
PID 2208 wrote to memory of 1700	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	Unicorn-18107.exe
PID 2208 wrote to memory of 1700	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	Unicorn-18107.exe
PID 1700 wrote to memory of 1144	1700	Unicorn-18107.exe	Unicorn-46446.exe
PID 1700 wrote to memory of 1144	1700	Unicorn-18107.exe	Unicorn-46446.exe
PID 1700 wrote to memory of 1144	1700	Unicorn-18107.exe	Unicorn-46446.exe
PID 1700 wrote to memory of 1144	1700	Unicorn-18107.exe	Unicorn-46446.exe
PID 2208 wrote to memory of 2560	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	Unicorn-10244.exe
PID 2208 wrote to memory of 2560	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	Unicorn-10244.exe
PID 2208 wrote to memory of 2560	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	Unicorn-10244.exe
PID 2208 wrote to memory of 2560	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	Unicorn-10244.exe
PID 2208 wrote to memory of 2584	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	WerFault.exe
PID 2208 wrote to memory of 2584	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	WerFault.exe
PID 2208 wrote to memory of 2584	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	WerFault.exe
PID 2208 wrote to memory of 2584	2208	c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe	WerFault.exe
PID 2560 wrote to memory of 2556	2560	Unicorn-10244.exe	Unicorn-58413.exe
PID 2560 wrote to memory of 2556	2560	Unicorn-10244.exe	Unicorn-58413.exe
PID 2560 wrote to memory of 2556	2560	Unicorn-10244.exe	Unicorn-58413.exe
PID 2560 wrote to memory of 2556	2560	Unicorn-10244.exe	Unicorn-58413.exe
PID 1700 wrote to memory of 2480	1700	Unicorn-18107.exe	Unicorn-5683.exe
PID 1700 wrote to memory of 2480	1700	Unicorn-18107.exe	Unicorn-5683.exe
PID 1700 wrote to memory of 2480	1700	Unicorn-18107.exe	Unicorn-5683.exe
PID 1700 wrote to memory of 2480	1700	Unicorn-18107.exe	Unicorn-5683.exe
PID 1144 wrote to memory of 2568	1144	Unicorn-46446.exe	Unicorn-25549.exe
PID 1144 wrote to memory of 2568	1144	Unicorn-46446.exe	Unicorn-25549.exe
PID 1144 wrote to memory of 2568	1144	Unicorn-46446.exe	Unicorn-25549.exe
PID 1144 wrote to memory of 2568	1144	Unicorn-46446.exe	Unicorn-25549.exe
PID 1700 wrote to memory of 2476	1700	Unicorn-18107.exe	WerFault.exe
PID 1700 wrote to memory of 2476	1700	Unicorn-18107.exe	WerFault.exe
PID 1700 wrote to memory of 2476	1700	Unicorn-18107.exe	WerFault.exe
PID 1700 wrote to memory of 2476	1700	Unicorn-18107.exe	WerFault.exe
PID 2556 wrote to memory of 1600	2556	Unicorn-58413.exe	Unicorn-45624.exe
PID 2556 wrote to memory of 1600	2556	Unicorn-58413.exe	Unicorn-45624.exe
PID 2556 wrote to memory of 1600	2556	Unicorn-58413.exe	Unicorn-45624.exe
PID 2556 wrote to memory of 1600	2556	Unicorn-58413.exe	Unicorn-45624.exe
PID 2560 wrote to memory of 2816	2560	Unicorn-10244.exe	Unicorn-9230.exe
PID 2560 wrote to memory of 2816	2560	Unicorn-10244.exe	Unicorn-9230.exe
PID 2560 wrote to memory of 2816	2560	Unicorn-10244.exe	Unicorn-9230.exe
PID 2560 wrote to memory of 2816	2560	Unicorn-10244.exe	Unicorn-9230.exe
PID 2568 wrote to memory of 2920	2568	Unicorn-25549.exe	Unicorn-29096.exe
PID 2568 wrote to memory of 2920	2568	Unicorn-25549.exe	Unicorn-29096.exe
PID 2568 wrote to memory of 2920	2568	Unicorn-25549.exe	Unicorn-29096.exe
PID 2568 wrote to memory of 2920	2568	Unicorn-25549.exe	Unicorn-29096.exe
PID 1144 wrote to memory of 1992	1144	Unicorn-46446.exe	Unicorn-58431.exe
PID 1144 wrote to memory of 1992	1144	Unicorn-46446.exe	Unicorn-58431.exe
PID 1144 wrote to memory of 1992	1144	Unicorn-46446.exe	Unicorn-58431.exe
PID 1144 wrote to memory of 1992	1144	Unicorn-46446.exe	Unicorn-58431.exe
PID 2480 wrote to memory of 1528	2480	Unicorn-5683.exe	Unicorn-12759.exe
PID 2480 wrote to memory of 1528	2480	Unicorn-5683.exe	Unicorn-12759.exe
PID 2480 wrote to memory of 1528	2480	Unicorn-5683.exe	Unicorn-12759.exe
PID 2480 wrote to memory of 1528	2480	Unicorn-5683.exe	Unicorn-12759.exe
PID 2560 wrote to memory of 2492	2560	Unicorn-10244.exe	WerFault.exe
PID 2560 wrote to memory of 2492	2560	Unicorn-10244.exe	WerFault.exe
PID 2560 wrote to memory of 2492	2560	Unicorn-10244.exe	WerFault.exe
PID 2560 wrote to memory of 2492	2560	Unicorn-10244.exe	WerFault.exe
PID 1144 wrote to memory of 2760	1144	Unicorn-46446.exe	WerFault.exe
PID 1144 wrote to memory of 2760	1144	Unicorn-46446.exe	WerFault.exe
PID 1144 wrote to memory of 2760	1144	Unicorn-46446.exe	WerFault.exe
PID 1144 wrote to memory of 2760	1144	Unicorn-46446.exe	WerFault.exe
PID 1600 wrote to memory of 1004	1600	Unicorn-45624.exe	Unicorn-44327.exe
PID 1600 wrote to memory of 1004	1600	Unicorn-45624.exe	Unicorn-44327.exe
PID 1600 wrote to memory of 1004	1600	Unicorn-45624.exe	Unicorn-44327.exe
PID 1600 wrote to memory of 1004	1600	Unicorn-45624.exe	Unicorn-44327.exe

C:\Users\Admin\AppData\Local\Temp\c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe
"C:\Users\Admin\AppData\Local\Temp\c09855a531777c45f0d4f2fe554ae1dd31f3c8158c9ec5d79db620205706b2a6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
9⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
10⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
11⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-28341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28341.exe
12⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
13⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
14⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
15⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
15⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
14⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
13⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
12⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 216
11⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
10⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
11⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
12⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
13⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
14⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 236
13⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
12⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
11⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
10⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
9⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
10⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
11⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
12⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
13⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 236
13⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
12⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
11⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
10⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
9⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
8⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
9⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
10⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
11⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
12⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
13⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
14⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
14⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
13⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
12⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
11⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
12⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
13⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 216
13⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
12⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 220
11⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
9⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
8⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
9⤵
- Program crash
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
8⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
11⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
12⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
13⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
13⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 220
12⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
11⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 216
9⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
8⤵
- Program crash
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
7⤵
- Program crash
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
8⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
9⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
10⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
11⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
12⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
13⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
14⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
13⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
11⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
11⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
12⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
13⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
13⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
11⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
9⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
10⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30732.exe
11⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
12⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
13⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 216
13⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
11⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
10⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
9⤵
- Program crash
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
8⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
7⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
8⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
9⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
11⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
12⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 220
13⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
10⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
11⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
12⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 236
11⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 240
8⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
7⤵
- Program crash
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 220
6⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
9⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
8⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
12⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
12⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
8⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
8⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
10⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
11⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
12⤵
PID:10376

C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
13⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
11⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
9⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
10⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
11⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
12⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
10⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
8⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
7⤵
- Program crash
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
7⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
10⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
11⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
12⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
12⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
11⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 216
8⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 216
7⤵
- Program crash
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
6⤵
- Program crash
PID:480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
9⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
10⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
11⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
12⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
13⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
14⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
13⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
12⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
11⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
10⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
10⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
11⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
12⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 220
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
8⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
10⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-2.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2.exe
11⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
13⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
12⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
11⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
10⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
9⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
8⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
8⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
11⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
12⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
13⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
9⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 220
10⤵
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
9⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
7⤵
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
8⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
11⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
12⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
13⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 236
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
11⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
9⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
10⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 236
11⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
10⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
8⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
7⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
8⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
10⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
11⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
10⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
9⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
8⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
7⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
6⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
8⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
10⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 200
11⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
10⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
10⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
11⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-27130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27130.exe
12⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
11⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
10⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
8⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
7⤵
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 220
8⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
10⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
11⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
12⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 236
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
8⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
7⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
6⤵
- Program crash
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
5⤵
- Program crash
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
8⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29604.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
11⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
12⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
13⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
13⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-19758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19758.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
11⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
12⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 236
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
10⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
8⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
7⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
10⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
11⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
12⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
8⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
7⤵
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-42749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42749.exe
6⤵
- Executes dropped EXE
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
7⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
11⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10960 -s 216
12⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
11⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 220
10⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
8⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
7⤵
- Program crash
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
6⤵
- Program crash
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
5⤵
- Program crash
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-60186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60186.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
9⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
10⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-3869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3869.exe
11⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
12⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
13⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
14⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 236
14⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
13⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
11⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
10⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
11⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
12⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe
13⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45448.exe
14⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
13⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
12⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
11⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
11⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
12⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
13⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
14⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 236
13⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
12⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
10⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
9⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
12⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
13⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
13⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
10⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
9⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
8⤵
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-8157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8157.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
8⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
11⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
12⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
13⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
13⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 220
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
10⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
9⤵
- Program crash
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
10⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
11⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-43504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43504.exe
12⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
12⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
11⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
8⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
7⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
8⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-61186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61186.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
11⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
12⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
13⤵
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 216
13⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 220
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
11⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
9⤵
- Program crash
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
10⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
11⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-60223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60223.exe
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
12⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
10⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
8⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
7⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-61762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61762.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-58325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58325.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
10⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
11⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-43503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43503.exe
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
12⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
8⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
6⤵
- Program crash
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-5141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5141.exe
11⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
12⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
13⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
14⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
14⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
13⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
12⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
11⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
11⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
12⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
13⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
13⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
11⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 240
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
10⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
11⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
12⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
12⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
11⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
10⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
10⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
11⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
12⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
13⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
12⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
11⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
9⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
7⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
10⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
11⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
11⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
10⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
8⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
7⤵
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
7⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
10⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
11⤵
PID:10124

C:\Users\Admin\AppData\Local\Temp\Unicorn-25454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25454.exe
12⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
10⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 220
8⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
9⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
10⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
11⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
11⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
10⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 220
9⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
8⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
7⤵
- Program crash
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 220
6⤵
- Program crash
PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
5⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
8⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
10⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
11⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-64940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64940.exe
12⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
13⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
14⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 216
14⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
12⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
11⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
11⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
12⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
13⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
13⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 220
11⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
9⤵
- Program crash
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
10⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
11⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
12⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
13⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 236
11⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
9⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
8⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
7⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
10⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
11⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
12⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 236
12⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
11⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
10⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
9⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
8⤵
- Program crash
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
7⤵
- Program crash
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
7⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
11⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
12⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
13⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
10⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
10⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
11⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 220
12⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
11⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
8⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
7⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-47375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47375.exe
10⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
11⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
11⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
10⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
8⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
7⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
6⤵
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
8⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 240
9⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
8⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
11⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
12⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 220
10⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
7⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-46684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46684.exe
10⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
11⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
12⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 236
12⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
11⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
9⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
10⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
11⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
11⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
10⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
9⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 240
8⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
7⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-48871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48871.exe
6⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
11⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
12⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 220
12⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
8⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
9⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
10⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
11⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 220
11⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
10⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
9⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 240
8⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
7⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
8⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
9⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
10⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
11⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
10⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
9⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
8⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
7⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
6⤵
- Program crash
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
5⤵
- Program crash
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
9⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
10⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
11⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
12⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
13⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
12⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
10⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
10⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
11⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-63555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63555.exe
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
12⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
10⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
- Program crash
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
7⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
10⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
11⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
12⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
9⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
8⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
7⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
6⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
7⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
10⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
11⤵
PID:10484

C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
12⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
8⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
7⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
8⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
9⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
10⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
11⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 216
11⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
10⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
9⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
8⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
7⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
6⤵
- Program crash
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
7⤵
- Program crash
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
6⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
7⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
8⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
9⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
10⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
11⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
10⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
9⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
8⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
7⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
6⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
5⤵
- Program crash
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-41363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41363.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
5⤵
- Program crash
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
4⤵
- Program crash
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
2⤵
- Program crash
PID:2584

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
Filesize
184KB

MD5
df8320d53609d25f58ffb4335d3f99c0

SHA1
b14b15fe9f31b9de5b770a789992812f17580537

SHA256
d5aba9cbff1ca1da9f6c39a455f4e4652f7dac817c698130e77b0a121b44eda4

SHA512
8b95c0606132402a45c4b57ffe89eccf7f4c18ac8f0d1682135f802820e1683a10f9bc05d88af79f94b6c666bae32704b85b88801c39592a479a64b4149c2998

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
Filesize
184KB

MD5
3682cf1cca2fb6b579449ba7bce8a13f

SHA1
06c6a891afff095e3f9279b5873c10f485d881db

SHA256
f90deac4f3e0cd63ee69f148ed4214cbb43a1f3c3add75665c2843a1fa873622

SHA512
3e45d2d3b7536e4054d587168b9307495adad229350a288271e16f44ffb16dddd645d0024504ce9f9d0d11ba1e467052de28de4bf2adba0a1dc955d41464d127

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
Filesize
184KB

MD5
e9f1756915d0e6a4b537aa64f701a80a

SHA1
12114773783f8555d107d3a763d2c2d928207a33

SHA256
dd9c74c132098e45eeda56e7ed8749c4fe81992030a5e278858b0c76499942be

SHA512
8de43b22beac69ef8b5086859dd445705b3e6c5eb49eaf2885afff458592fa0383d46443712a8f947f7fa1291a50e60089940fa53354677fa104a0860f749b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
Filesize
184KB

MD5
dee99e7d6fc8359f838593f0db1ecbb9

SHA1
5cc1f2c9e1a01b9ab0c3e005e42dc280cd9e16c9

SHA256
0e585ee29f9548bd3eecae3d90664304b60bccabecfaa3feeec52543243ac486

SHA512
e225491193697297c9e9d9054c0196c184f7d15bb1d638f5ed22399a8f8664756928340a21cac9cf6bf14d8c25bf8d4bf35384fe7449076c21e45b854a89c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
Filesize
184KB

MD5
f71a0c201308835aa358d22cc13756d8

SHA1
3c99c10ac8860465af64106a2bfdffcec264288a

SHA256
6d9a6d3b8688986c204c6e2167c7bf01e1ce014f664e39f6fd7095bba138f9b7

SHA512
0fc79cfa3d6b7c82b36221953792a483e18b16acc9e691b71d89187ae84b707203671a20a40080cb537ab01c5f33e9791fc47a2618f765857906fa759c3f313a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
Filesize
184KB

MD5
ead0eb0676153960abe64a72bb43446d

SHA1
7370bea644d621c4bef0c29dd534260f391904ec

SHA256
3320258764a792bf4421647a4dfe89b535e8579a2dbd0fd56bf582a12223122e

SHA512
3b5c723c202c92486f6bce6fea07af80d8b45a9643762c2dea1bdd0807890a70a545222d043ddb09044cee207cf9a054c8aa20e96b5b7019838ae153820db86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
Filesize
184KB

MD5
91cc8003d5dd7dcc8bb9dedaa831c631

SHA1
eee0574c253364ccc2b2c822ed6f89ff1cf7dc2b

SHA256
dd18d3da7d36f5f10440be9bd32f49683882c2fc8775e13d4c04d67451fb8fb9

SHA512
22c0fedd16ca0e2f7cf7fd97d26ae04d2a5d8b3a83bc2124226dfc53f5da3f0573298c5ee41a53dc942c83603bffb6737876200d1e8df53de41e42d61e3ed7df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
Filesize
184KB

MD5
65f24b72f25c082e7a8c3a2dc27ba985

SHA1
b6bbc20fedcc731684c198c9349e5dd6c8480975

SHA256
148057c72d46f515f8f67e668dc88ebb01587e6bd6b09cd514c18be0d84b1986

SHA512
d9444d4a661ec92d9a834670f8aaac5321e32060ee0fd9b0bce367cd2978f30dee322bfc8002e8b45911f4b43f6da469985ee19f35b0ef8bcf9483a64d749915

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
Filesize
184KB

MD5
20fb24e9e1a9fff62598f7756b7b1233

SHA1
1960dd246e5da46dfdd693cc7a089579ab959b5f

SHA256
dca606829d47d4589dac84868a92d2fbaade6403f0898f5547f3de3fde1779b7

SHA512
86042b420a4552f3cc5575fae9bfa6784777c63fae038338c236c856500326c826efb6a2f09d77aab61743dda15456d6997597df184590cfae782b8f01263247

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
Filesize
184KB

MD5
5d0acb8b1e511dd4888e5fc20ae14c07

SHA1
747ecb3d640961d00d3be330eaaaafc8deae0b05

SHA256
d1e4d13cd5f1c79d86620f2ba047559ece998d26eed68b9fa77e6ef00f54e459

SHA512
72b61e11da02b8185d896ba1b15d4551faff561f84e8e1f201fe386fab109c9e0dd0edf0ddb4826850b02cc18c04b3fc40a1c559d770e4b817383dad65963032

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
Filesize
184KB

MD5
84eb3060549eab64106872c40b930585

SHA1
f1f6122f28ba94469d51d82452c1c90619ff5c1f

SHA256
ac4997586bf59224f74f92541c4fde2329b38ecc43bebb9649b6563e6a4366df

SHA512
d781917d66766b6a47109ba4cce93ebd0bec45ed5ce85959f506e797084ff4b9a3510bad048f46f9e8c94b793506043332a3a3c058fb14036f94325f39940957

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
Filesize
184KB

MD5
30af764b5caf85cf5b19dfdcb5926a08

SHA1
f39e2b78b4d2aa33cf23d4894c94ed5349f5e467

SHA256
40fbd13d7eeaee41ba9f4aeb56ed18590941e2636e1ce60366048bed473e5fd2

SHA512
8de6e5c374f8069a9f02dd41a495adc107b6e67f2e5718264db959dcc9384303e7eaaac454d8af37aff50fae45baccf7f4c44e54334fa21d09a1677d7cdc2804

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
Filesize
184KB

MD5
ef3882f3a9b4be72b302ede08b657888

SHA1
e89142a15f9f74e2beb4ad5eea597e1ea76c5ea2

SHA256
519cdb7c6cfd79a4d5bd6c05cc63bf2057e9f8569a9bf09ed8a42b5851357290

SHA512
c439d9cf9b35d992f1ca1949fba1798eeb27141f4523527fa9fa50a0a28355f2d68091bae423ae7fa5408fdab84ae05723f163f4ce1ee8f7af79bee3ace6bb06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
Filesize
184KB

MD5
a504bfa5b2fa54263fe77e6ed8a5db63

SHA1
bcd987330292fc782e47b959903a1a65e0bb1237

SHA256
9c9dad7c6995f96cdccae3bad0c72395110d7870fb67759e0ae4928a2a2ae3d7

SHA512
1f6efd1695a30417137b758eb57a16b505098d8a6b51fcdae8540c3be22b39f95606dc07955449aeba69b677534eb09731017544f64752ae3a8b43619a0b4ac7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
Filesize
184KB

MD5
03a09affe2e404ef6015ddbfa326256d

SHA1
142dd0e89bd0d1ecbeaa9e21911d7856d06b8b9e

SHA256
8fef0a27ed75c57dc7fe44de7999e253edc5044b748cf0c3cc6b0cc3028c3c45

SHA512
29f40c21604f43067218763c5d3256c326025c7858dd9acf8a3f293a30560912596ad8a14ba805c9f350f3f72c9d0b790f0e9bf2cd120c44e594cc8af268ac09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
Filesize
184KB

MD5
a1bd29946c7a0263190af0434954b94e

SHA1
c2eca556400a2f2455a87bb13cfb3542f2695954

SHA256
a3d265aef3660af3de7caccc831dd67cc253ee6a07cf770d7584fde55a7c62c3

SHA512
2c59aff126c640a244a7b3ae0135850ebff330f71090b24f772e72304c243e10a6138dc6f204cdd39206abb29f9ca679322025d4a62c9f3bdd4e33f8766e621f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
Filesize
184KB

MD5
9a528c610b2e683fddbebf2ba54aaee6

SHA1
fa7c12632f99ff70c30cdd755fd12e3d93c6a8ac

SHA256
ad8d539bdf1a5af1bd9ea39a45bb52138881eb4e3e4ee011a42c751536e8dcd9

SHA512
6e9993a3d1f60b8bede137a4a2896f4458ee26983b2e282acdfadac49df600a5645083ac3cabaffc673a4e2e8e358c9716bad8ad35ef6efe424b86c338a711af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
Filesize
184KB

MD5
542424371850b0cb42c46941d21aa26d

SHA1
ccf2016fe1eb563f1734ac6451058ce35f6fc704

SHA256
95482cc91fb0c976ed55f8af91cc8a77765862dd559a68e65ed307e1ee128d68

SHA512
faa7e0924def4f5b9696b3cd8446e524f031e4bdc092af07a6adc48088f705dd6aa4e82a7834ad8aedc48adc6ce362a125a747a113ae6a05d46f687423acb903

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
Filesize
184KB

MD5
d9124f5a964c95452060c9c2fc19cbef

SHA1
46f74740f6541f1a223e684baf5477bb339d7477

SHA256
8137e7d10457354091ae3b95eff583ad7c8b2a5bc7fca64a612a242f7c18a792

SHA512
260fe35d01ffb6f5ce8d28bb82c1bafe70a044acc3c74fa69e39b69eb84fa54bf7de41ad5d2c47630b1f94caf9296f05ba6e69ff1024f2139ca77ad509d68bdf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
Filesize
184KB

MD5
6a3126a5112d2e9fb17dfb2061812704

SHA1
602e469417aa22ed68047124abe338042becf556

SHA256
d736b4542fe84793027d03577f230ca6bb1137365ea11309a16ee7bdbfb2cc23

SHA512
67305c300ab62679db463b03539c14f180082893bb71d490ce84762347d3a9ad2b102ec26888053ca0da022b2aba662c3ae70314ca6c5d07022a43d9849ed4e7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads